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1 This action is in response to the communication filed on 1/8/2007. 

2 DETAILED ACTION 

3 Response to Arguments 

4 Applicants' arguments filed 1/8/2007 have been fully considered but they are not 

5 persuasive. Applicants argues primarily that: 

6 a. Gaflcen teaches away fi-om storing the BIOS in a hard drive, 

7 b. Hayashi does not teach independent verification of the source of each entry. 

8 Regarding applicants' argument a., that Gafken teaches away from storing the BIOS in a 

9 hard drive, the examiner does not find the argument persuasive. First, Gafken teaches that the 

10 specific embodiment disclosed is not meant to be limiting and the updating procedure can be 

1 1 applied to different data and different non-volatile memories, as can be seen in Col. 14 Paragraph 

12 6. Applicants appear to be arguing also that one of ordinary skill in the art would not consider a 

13 hard disk drive to be a non-volatile memory. The examiner disagrees. A memory is simply a 

14 device where information can be stored and retrieved. A hard disk drive is a device where 

15 information can be stored and retrieved. Further, a hard disk drive is non-volatile. As such, at 



16 the time of invention, one of ordinary skill in the art would have considered a hard disk drive to 

17 be a non-volatile memory. Furthermore, one of ordinary skill in the art would have recognized 

18 that a hard disk drive can be used in place of flash memory, as evidenced by Zinger et al. (US 

19 Patent Number 6,836,847) in Col. 6 Paragraph 2. Even further still, Arnold teaches that a BIOS 

20 can be stored in a hard-disk drive. As such, no teaching of Gafken would have been discouraged 

21 one of ordinary skill in the art from using a hard-disk drive in place of Flash memory for storing 

22 the BIOS as taught by Arnold. 



7) 
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1 Further still, simply because Gafken did not specifically disclose storing the BIOS in the 

2 hard drive, does not mean he is teaching away from the combination, but rather shows that in the 

3 preferred embodiment of Gafken the BIOS is stored in flash memory. Also, contrary to 

4 applicants argument, the fact that Gaflcen's claims are directed towards the system using Flash 

5 Memory does not evidence teaching away, but again shows the preferred embodiment of Gaflcen. 

6 As such, the examiner contends that a prima facie case of obviousness has been established and 

7 therefore has maintained the rejection. 

8 In response to applicants' argument b., that the references fail to show certain features of 

9 applicant's invention, it is noted that the features upon which appUcant reUes (i.e., separately 

10 verifying the source of each entry) are not recited in the rejected claim(s). Although the claims 

1 1 are interpreted in light of the specification, limitations from the specification are not read into the 

12 claims. See In re VanGeuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). The claims do 

13 not recite that the source of each entry is verified independently for each entry. Rather, the claim 

14 simply requires that the source of each entry be verified. The signature verification of Gaflcen, 

15 which verifies the source of the entire upgrade, and therefore each entry, through digital 

16 signatures as can be seen in Col. 12 Paragraph 7 - Col. 13 Paragraph 1, meets these limitations 

17 and as such the examiner does not find the argument persuasive. As such, the examiner does not 

18 find the argument persuasive. 

19 All rejections and objections not specifically set forth below have been withdrawn. 

20 Claims 37-62 have been examined, and claims 1-36 have been cancelled. 
21 
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1 Claim Rejections - 35 USC §103 

2 The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

3 obviousness rejections set forth in this Office action: 

4 A patent may not be obtained though the invention is not identically disclosed or described as set forth 

5 in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 

6 are such that the subject matter as a whole would have been obvious at the time the invention was made to a 

7 person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived 

8 by the manner in which the invention was made. 

9 

10 Claims 37, and 50 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gafken 

1 1 (US Patent Number 6,026,016), further in view of Arnold et al. (US Patent Number 5, 128,995) 

12 hereinafter referred to as Arnold, and fiirther in view of Menezes et al ("Handbook of Applied . 

13 Cryptography") hereinafter referred to as Menezes. 

14 Regarding claim 37, Gafken disclosed a method for providing a capability to securely 



15 update information stored in a plurality of computer systems (See Gafken Fig. 5), where in the 

16 method comprises: forming a protected partition within each of the computer systems (See 

17 Gafken Col 4 Paragraphs 3-4); storing within nonvolatile storage (See Gafken Fig. 1 Element 



18 1 18) of each computer system in the plurality of computer systems, an operating system (See 

19 Gafken Fig. 1 Element 150), and an initialization routine (See Gafken Fig. 1 Element 151) to 

20 execute within a processor of the computer system after power on of the computer system (See 

21 Gafken Col. 3 Paragraph 2 Lines 1-4), wherein the initialization routine includes instructions 

22 causing the protected partition to be locked before the operating system is loaded (See Gafken 

23 Col. 13 Paragraph 9 - Col. 14 Paragraph 2), and wherein instructions causing information stored 

24 within a predetermined location to be written within the protected partition after predetermined 

25 security procedures have occurred but before the protected partition is locked (See Gafken Col. 

26 13 Paragraph 8); establishing a network connecting each computer system in the plurality of 
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1 computer systems with a server system (See Gafken Col 3 Paragraph 6 and Col. 12 Paragraph 

2 7); generating an update partition file within the server system (See Gafken Col. 12 Paragraph 7 

3 - Col. 13 Paragraph 1); transmitting the update partition file over the network to each computer 

4 system in the plurality of computer systems (See Gafken Col. 12 Paragraph 7); and storing the 

5 update partition file within the predetermined location of each computer system in the plurality 

6 of computer systems (See Gafken Col. 12 Paragraph 5), however, Gafken failed to disclose the 

7 protected partition being within a hard drive, or a setup password stored in the nonvolatile 

8 storage for use in the predetermined security procedures. However, Gafken did disclosed that 

9 "although the example. . . describes a flash memory used to store. . . a BIOS . . . other types of 

10 nonvolatile memories storing other types ofinformation may be used" (See Gafken Col. 14 

1 1 Paragraph 6). 

12 Arnold teaches that a BIOS can be stored in a protected partition of a hard drive (See 

13 Arnold Col. 2 Line 63 - Col 3 Line 12). 

14 It would have been obvious to the ordinary person skilled in the art at the time of 

1 5 invention to employ the teachings of Arnold in the BIOS updating system of Gafken by storing 

16 the BIOS in a protected partition of a hard drive instead of flash memory. This would have been 

17 obvious because the ordinary person skilled in the art would have been motivated to provide a 

18 fast and efficient way to store BIOS code. 

19 Menezes teaches that providing a sequence number (password), stored and updated at 

20 both a receiver and a sender, in a digital signature of the sender, protects the signature against 

21 replay attacks (See Menezes Page 399 Section (ii)). 
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1 It would have been obvious to the ordinary person skilled in the art at the time of 

2 invention to employ the teachings of Menezes to the validation signatures of Gafken by 

3 providing a sequence number in the signature of the update image. This would have been 

4 obvious because the ordinary person skilled in the art would have been motivated to provide 

5 protection against illicitly signed updates. 

6 Regarding claim 50, Gafken disclosed an interconnected system for providing 

7 updated information in a secure manner (See Gafken Abstract and Fig. 5), wherein the 

8 interconnected system comprises: a network (See Gafken Col. 3 Paragraph 6 and Col. 12 

9 Paragraph 7); a server system connected to the network and programmed to generate an update 

10 partition file and to transmit the update partition file over the network (See Gafken Col. 12 

1 1 Paragraph 7 - Col. 13 Paragraph 1); a computer system connected to the network, wherein the 

12 computer system includes a processor (See Gafken Fig. 1), non-volatile data storage including a 

13 protected partition (See Gafken Fig. 1 Element 115 and Col. 4 Paragraphs 3-4), wherein the 

14 processor is programmed to receive the update partition file from the network and to store the 

15 update partition file in a predetermined location within the nonvolatile data storage outside the 

16 protected partition (See Gafken Col. 12 Paragraphs 5-7), and wherein the nonvolatile data 

17 storage stores an operating system and an initialization routine executing within the processor 

18 after power on of the computer system (See Gafken Fig. 1 Element 118 and Col. 3 Paragraph 2 

19 Lines 1-4), including instructions causing the protected partition to be locked before the 

20 operating system is loaded (See Gafken Col. 13 Paragraph 9 - Col. 14 Paragraph 2), and 

21 instructions causing information stored within the predetermined location to be written within the 

22 protected partition after predetermined security procedures have occurred but before the 
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1 protected partition is locked (See Gafken Col 13 Paragraph 8), but Gafken failed to disclose the 

2 protected partition being within a hard drive, or a setup password stored in the nonvolatile 

3 storage for use in the predetermined security procedures. However, Gafken did disclosed that 

4 "although the example . . . describes a flash memory used to store. . . a BIOS . . . other types of 

5 nonvolatile memories storing other types of information may be used" (See Gafken Col. 14 

6 Paragraph 6). 

7 Arnold teaches that a BIOS can be stored in a protected partition of a hard drive (See 

8 Arnold Col. 2 Line 63 - Col. 3 Line 12). 

9 It would have been obvious to the ordinary person skilled in the art at the time of 

10 invention to employ the teachings of Arnold in the BIOS updating system of Gaflcen by storing 

1 1 the BIOS in a protected partition of a hard drive instead of flash memory. This would have been 

12 obvious because the ordinary person skilled in the art would have been motivated to provide a 

13 fast and efficient way to store BIOS code. 

14 Menezes teaches that providing a sequence number (password), stored and updated at 

1 5 both a receiver and a sender, in a digital signature of the sender, protects the signature against 

16 replay attacks (See Menezes Page 399 Section (ii)). 

17 It would have been obvious to the ordinary person skilled in the art at the time of invention to 

18 employ the teachings of Menezes to the validation signatures of Gafken by providing a sequence 

19 number in the signature of the update image. This would have been obvious because the 

20 ordinary person skilled in the art would have been motivated to provide protection against 

21 illicitly signed updates. 
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1 Claim 38-43 and 51-56 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

2 the combination of Gafken, Arnold, and Menezes as applied to claims 37 and 50 above, and 

3 further in view of Hasbun et al. (U.S. Patent Number 6,088,759) hereinafter referred to as 

4 Hasbun. 

5 Regarding claims 38 and 51, the combination of Gafken, Arnold, and Menezes disclosed 

6 after determining that said update partition is stored within said computing system for updating 

7 said protected partition, writing a portion of said update partition file to said protected partition 



8 (See Gaflcen Col. 13 Paragraph 8); and locking said protected partition to prevent further 

9 modification of information stored within said protected partition (See Gafken Col. 13 Paragraph 

10 9 - Col. 14 Paragraph 1), but failed to disclose overwriting similar parts and appending new 

1 1 parts. 



12 Hasbun teaches that a bios update can be allocated into virtual blocks so that the blocks 

13 can be updated individually without having to erase the entire memory first (See Hasbun Col. 5 

14 Paragraph 6 - Col. 6 Paragraph 2 and Col. 12 Line 59 - Col. 16 Line 27). Hasbun also teaches 

15 that new blocks should be allocated from existing free memory (See Hasbun Col. 7 Paragraph 2). 

16 It would have been obvious to the ordinary person skilled in the art at the time of 

17 invention to employ the teachings of Hasbun to the bios updating system of Gafken, Arnold, and 

18 Menezes by updating each update part one at a time. This would have been obvious because the 

19 ordinary person skilled in the art would have been motivated to provide a safe method for 
. 20 updating a bios without risking loss of the entire bios in the event of a power failure. 

21 Regarding claims 39 and 52, the combination of Gafken, Arnold, Menezes, and Hasbun 

22 disclosed that a flag bit is set in non- volatile storage within said computing system when said 
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1 update partition file is stored at a predetermined location in non-volatile storage within said 

2 computing system (See Gafken Col. 13 Paragraphs 3-4), and determining whether said update 

3 partition is stored within said computing system for updating said protected partition is 

4 performed by determining whether said flag bit is set (See Gafken Col. 13 Paragraph 7 and Fig. 5 

5 Step 550). 

6 Regarding claims 40 and 53, the combination of Gafken, Arnold, Menezes, and Hasbun 

7 disclosed that after determining that said update partition file is stored within said computing 

8 system for updating said protected partition, verifying whether said update partition file has been 

9 generated by a trusted server system, and said portion of said update partition is written to said 

10 protected partition only following verification that said update partition file has been generated 

11 by a trusted server system (See Gafken Col. 12 Paragraph 6 - Col. 13 Paragraph 1 and Figure 6). 

12 Regarding claims 41 and 54, the combination of Gafken, Arnold, Menezes, and Hasbun 

13 disclosed that verification that said update partition file has been generated by said trusted server 

14 system includes: forming a first message digest by applying a hash algorithm to a portion of said 

15 update partition file; forming a second message digest by decrypting a digital signature within 

16 said update partition file using a public key of said trusted server system; and determining that 

17 said first and second message digests are identical (See Gafken Col. 12 Paragraph 7 Line 10 - 

18 Col. 13 Line 2). 

19 Regarding claims 42 and 55, the combination of Gafken, Arnold, Menezes, and Hasbun 

20 disclosed the predetermined setup procedures include verifying that said update partition file has 

21 been generated by said trusted server system includes signing an encrypted portion of said update 

22 partition file with a public key of said trusted server system, and said encrypted portion of said 
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1 update partition file has been prepared by signing, with a private key of said trusted server 

2 system, a result of the application of an algorithm to data including a version of said setup 

3 password accessed by said trusted server system (See the rejection of claim 37 above and Col. 12 

4 Paragraph 7 - Col. 13 Paragraph 1). 

5 Regarding claims 43 and 56, the combination of Gafken, Arnold, Menezes, and Hasbun 

6 disclosed that the data includes said version of said setup password appended to a portion of said 

7 update partition file (See rejection of claim 5 above), said algorithm is a hash algorithm 

8 generating a message digest (See Gaflcen Col. 12 Paragraph 7 - Col 13 Paragraph 1), and 

9 verifying that said update partition file has been generated by said trusted server system includes 

10 applying said hash algorithm to said setup password stored within said computing system 

1 1 appended to a portion of said update partition file to generate a first version of a message digest 

12 and comparing said first version of said message digest with a second version of said message 

13 digest obtained by signing said encrypted portion of said update partition file (See Gaflcen Col. 

14 12 Paragraph 7 - Col. 13 Paragraph 1). 

15 Claims 44-48 and 57-61 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

16 the combination of Gaflcen, Arnold, Menezes, and Hasbun as appHed to claims 38 and 51 above, 

17 and further in view of Hayashi et al. (US 2001/0039651 Al) hereinafter referred to as Hayashi. 

18 Regarding claims 44 and 57, the combination of Gaflcen, Arnold, Menezes, and Hasbun 

19 disclosed digitally signing the update file and verifying the signature prior to updating the 

20 partition (See Gaflcen Col. 12 Paragraph 7 - Col. 13 Paragraph 1), but the combination of 

21 Gaflcen, Arnold, Menezes, and Hasbun failed to disclose encrypting portions of the file 

22 separately and verifying each portion individually. 
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1 Hayashi teaches a method for providing a variety of software safely by breaking the file 

2 into pieces and decrypting each piece separately (See Hayashi Page 1 Col. 2 Paragraphs 3-10). 

3 It would have been obvious to the ordinary person skilled in the art at the time of 

4 invention to employ the teachings of Hayashi to the updating system of the combination of 

5 Gafken, Arnold, Menezes, and Hasbun by encrypting parts of the file separately from the other 

6 parts. This would have been obvious because the ordinary person skilled in the art would have 

7 been motivated to provide users with customized software without imposing too much of a load 

8 on the provider. In this combination, it would also be obvious that each block contained 

9 information to be stored in a different location from the other blocks. This would have been 

10 obvious because the ordinary person skilled in the art would have been motivated not perform 

1 1 unnecessary computation during the update. 

12 Regarding claims 45 and 58, the combination of Gafken, Arnold, Menezes, Hasbun, and 

13 Hayashi disclosed forming a first message digest by applying a hash algorithm to said entry, and 

14 forming a second message digest by signing said encrypted element associated with said entry 

1 5 using a pubUc key of said trusted server system, and determining that said first and second 

16 message digests are identical (See Gafken Col. 12 Paragraph 7 Line 10 - Col. 13 Line 2). 

17 Regarding claims 48 and 61, the combination of Gaflcen, Arnold, Menezes, Hasbun, and 

1 8 Hayashi disclosed that information stored in said protected partition is compared to each entry in 

19 said plurality of entries within said update partition, when a matching portion of said information 

20 stored in said protected partition is found to be similar to said entry, said matching portion is 

2 1 overwritten with said entry if space around said matching portion is sufficient, and when a 

22 matching portion of said information stored in said protected partition is not found to be similar 
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1 to said entry, said entry is appended to said information stored in said protected partition if space 

2 within said protected partition is sufficient (See the rejection of claim 38 above). 

3 Regarding claims 46-47 and 59-60, see the rejection of claims 42-43 above. 
4 

5 Claims 49 and 62 are rejected under 35 U.S.C. 103(a) as being unpatentable over the 

6 combination of Gafken, Arnold, Menezes, Hasbun, and Hayashi as applied to claim 48 above, 

7 and further in view of Schmidt (U.S. Patent Number 5,826,015). 

8 The combination of Gafken, Arnold, Menezes, Hasbun, and Hayashi disclosed a secure 



9 bios updating system (See rejection of claim 38 above) but failed to disclose requiring a user to 

10 input a password to unlock the bios write capabilities. However, Gafken, Arnold, Menezes and 

1 1 Hasbun did disclose the use of password challenges (See . Gafken Col. 12 Paragraph 7 - Col. 13 

12 Paragraph 1). 



13 Schmidt teaches that in order to remotely upgrade a bios, an administrator password 

14 should be provided in order to unlock the partition (See Schmidt Fig. 9 and abstract), 

1 5 It would have been obvious to the ordinary person skilled in the art at the time of 

16 invention to employ the teachings of Schmidt to the bios updating system of Gafken, Arnold, 

17 Menezes, Hasbun, and Hayashi by requiring a correct password to be entered in order to unlock 

18 the bios altering capabilities. This would have been obvious because the ordinary person skilled 

19 in the art would have been motivated to protect the current bios from accidental or illicit 

20 alterations. 
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1 Conclusion 

2 Claims 37-62 have been rejected, and claims 1-36 have been cancelled. 

3 The prior art made of record and not relied upon is considered pertinent to applicant's 

4 * disclosure. 

5 i. Harmer (US Patent Number 5,835,760) disclosed a system which stores a 

6 BIOS in a Hard Drive and searches for portions in the BIOS to update. 

7 ii. Zinger et al. (US Patent Number 6,836,847) disclosed that a Hard Drive 

8 could be used in place of Flash Memory. 

9 iii. Jakubowski et al. (US Patent Number 7,080,249) disclosed verification of 

10 code blocks. 

11 iv. Pitzel et al. (US Patent Number 7,062,765) disclosed individual 

12 downloading and verification of components. 

13 THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 

14 poUcy as set forth in 37 CFR 1.136(a). 

15 A shortened statutory period for reply to this final action is set to expire THREE 



16 MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 

17 MONTHS of the mailing date of this final action and the advisory action is not mailed until after 

18 the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 

19 will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 

20 CFR 1 .136(a) will be calculated fi*om the mailing date of the advisory action. In no event, 

21 however, will the statutory period for reply expire later than SIX MONTHS from the mailing 

22 date of this final action. 
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1 Any inquiry concerning this communication or earlier communications from the 

2 examiner should be directed to Matthew T. Henning whose telephone number is (571) 272-3790. 

3 The examiner can normally be reached on M-F 8-4. 

4 If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

5 supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 

6 organization where this application or proceeding is assigned is 571-273-8300. 

7 Information regarding the status of an application may be obtained from the Patent 

8 Application Information Retrieval (PAIR) system. Status information for published applications 

9 may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

10 applications is available through Private PAIR only. For more information about the PAIR 

1 1 system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

12 system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 

13 like assistance from a USPTO Customer Service Representative or access to the automated 

14 information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

15 
16 

/^^^^^^^ 

20 Matthew Henning 

2 1 Assistant Examiner 

22 Art Unit 2131 

23 3/15/2007 
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